Created
August 26, 2024 13:12
Revisions
dafthack created this gist
Aug 26, 2024
@@ -0,0 +1,307 @@ function Invoke-SubscriptionEnum{ param( [string]$outputDirectory = "." ) $context = Get-AzContext $subid = $context.Subscription.Id Write-Host -ForegroundColor Yellow ("[***] Enumerating Subscription " + $subid) $publicresources = @() $storageaccountlist = @() Write-Host -ForegroundColor Yellow "[*] Getting VMs" # Get all Virtual Machines with Public IP Addresses $vms = Get-AzVM $vmDnsNames = @() foreach ($vm in $vms) { $nic = Get-AzNetworkInterface -ResourceGroupName $vm.ResourceGroupName -Name $vm.NetworkProfile.NetworkInterfaces[0].Id.Split('/')[-1] # Check if the network interface has an IP configuration and public IP associated if ($nic.IpConfigurations[0].PublicIpAddress) { $publicIpName = $nic.IpConfigurations[0].PublicIpAddress.Id.Split('/')[-1] $publicIp = Get-AzPublicIpAddress -ResourceGroupName $vm.ResourceGroupName -Name $publicIpName # Ensure that the public IP object is not null if ($publicIp) { [PSCustomObject]@{ ResourceType = "Virtual Machine" Name = $vm.Name PublicIpAddress = $publicIp.IpAddress DnsName = $publicIp.DnsSettings.Fqdn } $publicresources += $publicIp.IpAddress } if ($publicIp.DnsSettings.Fqdn) { $publicresources += $publicIp.DnsSettings.Fqdn } } } Write-Host -ForegroundColor Yellow "[*] Getting Public IPs" $publicIps = Get-AzPublicIpAddress # Create an array to store public IP details $publicIpDetails = @() foreach ($publicIp in $publicIps) { $publicIpDetails += [PSCustomObject]@{ ResourceType = "Public IP Address" Name = $publicIp.Name IpAddress = $publicIp.IpAddress DnsName = $publicIp.DnsSettings.Fqdn ResourceGroupName = $publicIp.ResourceGroupName } $publicresources += $publicIp.IpAddress } Write-Host -ForegroundColor Yellow "[*] Getting Load Balancers" # Get all Load Balancers with Public IP Addresses $loadBalancers = Get-AzLoadBalancer foreach ($lb in $loadBalancers) { foreach ($frontendIp in $lb.FrontendIpConfigurations) { # Check if the FrontendIpConfiguration has a PublicIpAddress if 
($frontendIp.PublicIpAddress) { $publicIpName = $frontendIp.PublicIpAddress.Id.Split('/')[-1] $publicIp = Get-AzPublicIpAddress -ResourceGroupName $lb.ResourceGroupName -Name $publicIpName # Ensure that the public IP object is not null if ($publicIp) { [PSCustomObject]@{ ResourceType = "Load Balancer" Name = $lb.Name PublicIpAddress = $publicIp.IpAddress DnsName = $publicIp.DnsSettings.Fqdn } $publicresources += $publicIp.IpAddress } } } } Write-Host -ForegroundColor Yellow "[*] Getting App Services" # Get all Azure App Services with DNS Names $appServices = Get-AzWebApp foreach ($appService in $appServices) { [PSCustomObject]@{ ResourceType = "App Service" Name = $appService.Name DnsName = $appService.DefaultHostName } $publicresources += $appService.DefaultHostName } Write-Host -ForegroundColor Yellow "[*] Getting Databases" # Get all SQL Databases with DNS Names $sqlServers = Get-AzSqlServer foreach ($sqlServer in $sqlServers) { [PSCustomObject]@{ ResourceType = "SQL Database" Name = $sqlServer.FullyQualifiedDomainName DnsName = $sqlServer.FullyQualifiedDomainName } $publicresources += $sqlServer.FullyQualifiedDomainName } Write-Host -ForegroundColor Yellow "[*] Getting Storage Accounts" # Get all Storage Accounts with DNS Names $storageAccounts = Get-AzStorageAccount foreach ($storageAccount in $storageAccounts) { $primaryEndpoints = $storageAccount.PrimaryEndpoints # Remove the 'https://' prefix and the trailing '/' from the Blob endpoint $blobEndpoint = ($primaryEndpoints.Blob -replace "https://", "").TrimEnd('/') # Create a custom object with the processed DNS name [PSCustomObject]@{ ResourceType = "Storage Account" Name = $storageAccount.StorageAccountName DnsName = $blobEndpoint } # Add the processed DNS name to the public resources array $storageaccountlist += $blobEndpoint } Write-Host -ForegroundColor Yellow "[*] Getting Azure Functions" # Get all Azure Functions with DNS Names $functions = Get-AzFunctionApp foreach ($function in $functions) { 
[PSCustomObject]@{ ResourceType = "Function App" Name = $function.Name DnsName = $function.DefaultHostName } $publicresources += $function.DefaultHostName } Write-Host -ForegroundColor Yellow "[*] Getting Containers (ACR)" # Get all Container Registries with DNS Names $containerRegistries = Get-AzContainerRegistry foreach ($containerRegistry in $containerRegistries) { [PSCustomObject]@{ ResourceType = "Container Registry" Name = $containerRegistry.Name DnsName = $containerRegistry.LoginServer } $publicresources += $containerRegistry.LoginServer } Write-Host -ForegroundColor Yellow "[*] Getting Kubernetes (AKS)" # Azure Kubernetes Service (AKS) $aksClusters = Get-AzAksCluster foreach ($aks in $aksClusters) { [PSCustomObject]@{ ResourceType = "AKS Cluster" Name = $aks.Name DnsName = $aks.DnsPrefix + ".hcp." + $aks.Location + ".azmk8s.io" } $publicresources += $aks.DnsPrefix + ".hcp." + $aks.Location + ".azmk8s.io" } Write-Host -ForegroundColor Yellow "[*] Getting Front Door" # Azure Front Door $frontDoors = Get-AzFrontDoor foreach ($fd in $frontDoors) { [PSCustomObject]@{ ResourceType = "Front Door" Name = $fd.Name DnsName = $fd.Hostname } $publicresources += $fd.Hostname } Write-Host -ForegroundColor Yellow "[*] Getting Traffic Manager" # Azure Traffic Manager $trafficManagers = Get-AzTrafficManagerProfile foreach ($tm in $trafficManagers) { [PSCustomObject]@{ ResourceType = "Traffic Manager" Name = $tm.Name DnsName = $tm.DnsName + ".trafficmanager.net" } $publicresources += $tm.DnsName + ".trafficmanager.net" } Write-Host -ForegroundColor Yellow "[*] Getting CDNs" # Retrieve all CDN profiles $cdnProfiles = Get-AzCdnProfile foreach ($profile in $cdnProfiles) { # Retrieve all endpoints for each CDN profile $cdnEndpoints = Get-AzCdnEndpoint -ProfileName $profile.Name -ResourceGroupName $profile.ResourceGroupName foreach ($cdnEndpoint in $cdnEndpoints) { [PSCustomObject]@{ ResourceType = "CDN Endpoint" ProfileName = $profile.Name EndpointName = $cdnEndpoint.Name 
DnsName = $cdnEndpoint.HostName } $publicresources += $cdnEndpoint.HostName } } Write-Host -ForegroundColor Yellow "[*] Getting Bastion" # Azure Bastion $bastions = Get-AzBastion foreach ($bastion in $bastions) { $bastionIp = Get-AzPublicIpAddress -ResourceGroupName $bastion.ResourceGroupName -Name $bastion.IpConfigurations[0].PublicIpAddress.Id.Split('/')[-1] if ($bastionIp) { [PSCustomObject]@{ ResourceType = "Bastion" Name = $bastion.Name PublicIpAddress = $bastionIp.IpAddress DnsName = $bastionIp.DnsSettings.Fqdn } $publicresources += $bastionIp.DnsSettings.Fqdn } } Write-Host -ForegroundColor Yellow "[*] Getting Redis Cache" # Azure Redis Cache $redisCaches = Get-AzRedisCache foreach ($redis in $redisCaches) { [PSCustomObject]@{ ResourceType = "Redis Cache" Name = $redis.Name DnsName = $redis.HostName } $publicresources += $redis.HostName } Write-Host -ForegroundColor Yellow "[*] Getting API Management" # Azure API Management $apiManagementServices = Get-AzApiManagement foreach ($apiMgmt in $apiManagementServices) { [PSCustomObject]@{ ResourceType = "API Management" Name = $apiMgmt.Name DnsName = $apiMgmt.GatewayUrl } $publicresources += $apiMgmt.GatewayUrl } Write-Host -ForegroundColor Yellow "[*] Getting DNS Zones" # Azure DNS Zones $dnsZones = Get-AzDnsZone foreach ($dnsZone in $dnsZones) { [PSCustomObject]@{ ResourceType = "DNS Zone" Name = $dnsZone.Name DnsName = $dnsZone.Name } $publicresources += $dnsZone.Name } Write-Host -ForegroundColor Yellow "[*] Getting Application Gateway" # Azure Application Gateway $appGateways = Get-AzApplicationGateway foreach ($appGateway in $appGateways) { foreach ($frontendIp in $appGateway.FrontendIpConfigurations) { $publicIp = Get-AzPublicIpAddress -ResourceGroupName $appGateway.ResourceGroupName -Name $frontendIp.PublicIpAddress.Id.Split('/')[-1] if ($publicIp) { [PSCustomObject]@{ ResourceType = "Application Gateway" Name = $appGateway.Name PublicIpAddress = $publicIp.IpAddress DnsName = $publicIp.DnsSettings.Fqdn } 
$publicresources += $publicIp.DnsSettings.Fqdn } } } Write-Host -ForegroundColor Yellow "[*] Getting SignalR Service" # Azure SignalR Service $signalRServices = Get-AzSignalR foreach ($signalR in $signalRServices) { [PSCustomObject]@{ ResourceType = "SignalR Service" Name = $signalR.Name DnsName = $signalR.HostName } $publicresources += $signalR.HostName } Write-Host -ForegroundColor Yellow "[***] Sorting..." Write-Host "------------------IPs & DNS Addresses----------------" $publicresources | sort -u $publicresources | sort -u | Out-File ("$outputDirectory\$subid-PublicResources.txt") Write-Host "-----------------------------------------------------" Write-Host "--------------------Storage Accounts-----------------" $storageaccountlist | sort -u $storageaccountlist | sort -u | Out-File ("$outputDirectory\$subid-StorageAccounts.txt") Write-Host ("[+] Results have been written to " + $outputDirectory + "\" + $subid + "-StorageAccounts.txt" + " and " + $outputDirectory + "\" + $context.subid + "-PublicResources.txt") Write-Host "-----------------------------------------------------" }
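Review bot: The closing `Write-Host` builds the PublicResources path from `$context.subid`, which is not a property of the object returned by `Get-AzContext` (the id was read from `$context.Subscription.Id` into `$subid` at the top), so the reported filename will lack the subscription id; use `$subid` there, as the StorageAccounts half of the same message already does. In the Application Gateway loop, `$frontendIp.PublicIpAddress.Id.Split('/')[-1]` is evaluated without the `if ($frontendIp.PublicIpAddress)` guard that the Load Balancer loop has, so a private-only frontend will raise a null-method error, and the Bastion loop dereferences `$bastion.IpConfigurations[0].PublicIpAddress.Id` in the same unguarded way. Those two branches also append `$publicIp.DnsSettings.Fqdn` / `$bastionIp.DnsSettings.Fqdn` unconditionally, which adds empty entries when no DNS label is set; the address itself still reaches the list only through the earlier "Getting Public IPs" pass. A guarded `if ($publicIp.DnsSettings.Fqdn) { $publicresources += $publicIp.DnsSettings.Fqdn }`, as the VM branch does, would keep the output clean. Since the two files written by `Out-File` are an inventory of the subscription's externally reachable endpoints, a short comment at those lines saying `$outputDirectory` should be an access-controlled location would help anyone running this for an exposure review.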